Responsible Disclosure Policy
We're a security company — we hold ourselves to the standard we set for clients.
If you believe you've found a security vulnerability in any Vanorika Technologies system or website (vanorikatechnologies.co.zw), we want to hear from you. We welcome reports from security researchers and will work with you to understand and resolve the issue quickly.
How to report
Email donovanmudarikwa@gmail.com or message us on WhatsApp. Please include:
- A clear description of the issue and where you found it
- Steps to reproduce it (proof-of-concept where possible)
- The potential impact, as you see it
Our machine-readable contact details are published at /.well-known/security.txt.
What we ask of you
Please do
- Report issues as soon as you find them
- Give us reasonable time to fix before disclosing publicly
- Only test against your own accounts / data
Please don't
- Access, modify, or delete other people's data
- Run DoS / DDoS or destructive tests
- Use social engineering or physical attacks
Our commitment
- We'll acknowledge your report and keep you updated as we investigate.
- We won't pursue legal action against researchers who act in good faith under this policy.
- We're happy to credit you for a valid finding if you'd like.
We practice what we preach
Don't take our word for it. Run our own site through the same independent scanners we'd use on yours.
SSL Labs
TLS / certificate configuration
Security Headers
HTTP security headers
Our own Headers tool
6 / 6 core headers on our domain
Open any of these and scan our domain yourself — we've got nothing to hide.
Hall of Fame
We credit security researchers who responsibly disclose valid findings in our systems. This space is reserved for them — report a genuine issue under the policy above and we'll list you here (with your permission).
Be the first